The internet security company Symantec revealed recently that a group of hackers known as Dragonfly infiltrated malware into legitimate software belonging to three manufacturers of industrial control systems the stuff that controls factories and power grids. In one case, the contaminated control software was downloaded 250 times by unsuspecting users before the compromise was discovered.
This kind of cyberattack is not new, but it is audacious and dangerous. One of the first such assaults was the Stuxnet campaign, which had sabotage as its primary goal, against the Iranian nuclear program. By contrast, Dragonfly was a multi-pronged infiltrator, aimed at cyber-espionage and gaining long-term access to computers, with sabotage as a future option, perhaps flicking off the electrical power to a city or shutting down a factory. Dragonfly probably was state-sponsored from somewhere in Eastern Europe.
Not alarmed? Then take a look at a proposal from the Securities Industry and Financial Markets Association. According to Bloomberg, Wall Street's biggest trade group has suggested setting up a high-level U.S. government-industry council to deal with cyberthreats. What do they fear? Attacks that "destroy data and machines" and could lead to runs on financial institutions, loss of confidence in the banking system and "devastating" consequences for the economy. The group predicts attacks could result in "account balances and books and records being converted to zeros," Bloomberg reported on July 8.